<?php

class Maccount extends CI_Model {
    public function create($username,$password,$role,$status,$fname,$lname,$gender,$bday,$address,$about,$avatar) {
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);
        $role = mysql_real_escape_string($role);
        $status = mysql_real_escape_string($status);
        $fname = mysql_real_escape_string($fname);
        $lname = mysql_real_escape_string($lname);
        $gender = mysql_real_escape_string($gender);
        $bday = mysql_real_escape_string($bday);
        $address = mysql_real_escape_string($address);
        
        if($about != null) {
            $about = mysql_real_escape_string($about);
        }
        
        if($avatar != null) {
            $dir = 'images/temp/'.$avatar['name'];
            move_uploaded_file($avatar['tmp_name'],$dir);
            $avatar = mysql_real_escape_string(user_imgresize(220,220,$dir));
            if($avatar == null) {
                return 3;
            }
        }
        
        $check = $this->db->query("SELECT account_id FROM tbl_account WHERE username='$username'");
        
        if($check->num_rows() > 0) {
            $insert = 4;
        } else {
            $profile = array(
                'f_name' => $fname,
                'l_name' => $lname,
                'gender' => $gender,
                'birthday' => $bday,
                'address' => $address,
                'about_me' => $about
            );
            
            $pQuery = $this->db->insert('tbl_profile',$profile);
            $profile_id = $this->db->insert_id();
            
            $aQuery = $this->db->query("UPDATE tbl_profile SET avatar='$avatar' WHERE profile_id=$profile_id");
            
            $account = array(
                'username' => $username,
                'userpass' => md5($password),
                'status' => $status,
                'profile_id' => $profile_id,
                'role_id' => $role
            );
            
            $aQuery = $this->db->insert('tbl_account',$account);
            
            if($pQuery AND $aQuery) {
                $insert = 1;
            } else {
                $insert = 2;
            }
        }
        
        return $insert;
    }
    
    public function update($id,$oUsername,$username,$oldPass,$newPass,$role,$status,$fname,$lname,$gender,$bday,$address,$about,$avatar) {
        $username = mysql_real_escape_string($username);
        $oUsername = mysql_real_escape_string($oUsername);
        $role = mysql_real_escape_string($role);
        $status = mysql_real_escape_string($status);
        $fname = mysql_real_escape_string($fname);
        $lname = mysql_real_escape_string($lname);
        $gender = mysql_real_escape_string($gender);
        $bday = mysql_real_escape_string($bday);
        $address = mysql_real_escape_string($address);
        
        if($about != null) {
            $about = mysql_real_escape_string($about);
        }
        
        if($avatar != null) {
            $dir = 'images/temp/'.$avatar['name'];
            move_uploaded_file($avatar['tmp_name'],$dir);
            $avatar = mysql_real_escape_string(user_imgresize(220,220,$dir));
            if($avatar == null) {
                return 5;
            }
        }
        
        if($oldPass != null AND $newPass != null) {
            $oldPass = mysql_real_escape_string($oldPass);
            $newPass = mysql_real_escape_string($newPass);
            
            $this->db->select('userpass');
            $this->db->where('account_id',$id);
            $query = $this->db->get('tbl_account');
            $result = $query->result();
            
            if(md5($oldPass) != $result[0]->userpass) {
                return 3;
            }
        }
        
        $check = $this->db->query("SELECT account_id FROM tbl_account WHERE username='$username'");
        
        if($check->num_rows() > 0 AND $username != $oUsername) {
            $update = 4;
        } else {
            $str = "UPDATE tbl_account,tbl_profile SET tbl_account.username='$username',tbl_account.role_id=$role,tbl_account.status=$status,tbl_profile.f_name='$fname',tbl_profile.l_name='$lname',tbl_profile.gender='$gender',tbl_profile.birthday='$bday',tbl_profile.address='$address',tbl_profile.about_me='$about'";
            if($newPass != null) {$str.=",tbl_account.userpass=MD5('$newPass')";}
            if($avatar != null){$str.=",tbl_profile.avatar='$avatar'";}
            
            $str.=" WHERE tbl_account.account_id=$id AND tbl_profile.profile_id=tbl_account.profile_id";
            $query = $this->db->query($str);
            
            if($query) {
                $update = 1;
            } else {
                $update = 2;
            }
        }
        
        return $update;
    }
    
    public function checkuser($username,$userpass) {
        $username = mysql_real_escape_string($username);
        $userpass = mysql_real_escape_string($userpass);
        
        $query = $this->db->query("SELECT account_id,username,status,tbl_roles.role_id,role_name,level,tbl_profile.profile_id,f_name,l_name,gender,birthday FROM tbl_account,tbl_profile,tbl_roles WHERE tbl_account.username='$username' AND tbl_account.userpass=md5('$userpass') AND tbl_account.profile_id=tbl_profile.profile_id AND tbl_roles.role_id=tbl_account.role_id");
        
        if($query->num_rows() == 1) {
            $result = $query->result();
            
            if($result[0]->status == 1) {
                date_default_timezone_set('Asia/Manila');
                $data = array('last_login' => date("Y-m-d H:i:s"));
                $this->db->where('username',$username);
                $query = $this->db->update('tbl_account',$data);
                $ret = array(
                    'account_id' => $result[0]->account_id,
                    'username' => $result[0]->username,
                    'state' => $result[0]->status,
                    'role_id' => $result[0]->role_id,
                    'role' => $result[0]->role_name,
                    'level' => $result[0]->level,
                    'profile_id' => $result[0]->profile_id,
                    'fname' => $result[0]->f_name,
                    'lname' => $result[0]->l_name,
                    'gender' => $result[0]->gender,
                    'birthday' => $result[0]->birthday
                );
            } else {
                //Account not active
                $ret = 1;
            }
        } else {
            //Invalid username or password
            $ret = 2;
        }
        
        return $ret;
    }
    
    public function getprofile($account_id) {
        $account_id = mysql_real_escape_string($account_id);
        
        $query = $this->db->query("SELECT account_id,username,userpass,status,tbl_profile.profile_id,f_name,l_name,gender,birthday,address,about_me,avatar,tbl_roles.role_id,role_name,level FROM tbl_profile,tbl_account,tbl_roles WHERE tbl_account.account_id=$account_id AND tbl_account.profile_id=tbl_profile.profile_id AND tbl_roles.role_id=tbl_account.role_id");
        
        $result = $query->result();
        
        if($query->num_rows() > 0) {
            $ret = array(
                'account_id' => $result[0]->account_id,
                'username' => $result[0]->username,
                'userpass' => $result[0]->userpass,
                'status' => $result[0]->status,
                'role_id' => $result[0]->role_id,
                'role' => $result[0]->role_name,
                'level' => $result[0]->level,
                'profile_id' => $result[0]->profile_id,
                'fname' => $result[0]->f_name,
                'lname' => $result[0]->l_name,
                'gender' => $result[0]->gender,
                'birthday' => $result[0]->birthday,
                'address' => $result[0]->address,
                'about' => $result[0]->about_me,
                'avatar' => $result[0]->avatar
            );
        } else {
            //Invalid account ID
            $ret = null;
        }
        
        return $ret;
    }
    
    public function getavatar($id) {
        $id = mysql_real_escape_string($id);
        
        $str = "SELECT avatar FROM tbl_profile,tbl_account WHERE tbl_account.account_id=$id AND tbl_account.profile_id=tbl_profile.profile_id";
        $query = $this->db->query($str);
        $result = $query->result();
        
        return $result;
    }
    
    /*NO USE FOR THE MOMENT--------------------------------------------
    -------------------------------------------------------------------
    public function getFriends($user) {
        $user = mysql_real_escape_string($user);
        $status = 1;
        
        $query = $this->db->query("SELECT UserA, UserB,tbl_profile.profile_id,tbl_profile.f_name,tbl_profile.l_name,tbl_profile.avatar,tbl_profile.about_me,tbl_profile.address FROM tbl_friend , tbl_profile WHERE (UserA = $user AND status = $status AND tbl_profile.profile_id = tbl_friend.UserB ) OR (UserB = $user AND status = $status AND tbl_profile.profile_id = tbl_friend.UserA)");
        $result = $query->result();
        
        if($query->num_rows() > 0) {
            if($result[0]->UserA == $user || $result[0]->UserB == $user) {
                $result;
            } else {
                $result = null;
            }
        }
        return $result;
    }
    -----------------------------------------------------------------
    -----------------------------------------------------------------*/
}